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(54) Title: MANAGEMENT OP COMPUTER WORKSTATIONS 

(57) Abstract 



A method of managing a plu- 
rality of computer workstations inter- 
connected by a network, the work- 
stations including at least one policy 
group. The method includes the steps 
of receiving data relating to the pol- 
icy group definition and generating a 
program representative of the policy 
group definition data. The generated 
program is sent to each of the plu- 
rality of workstations and the work- 
stations instructed to check, by em- 
ploying the program, whether or not 
each respective workstation belongs 
or does not belong to the at least 
one policy groups. The results of the 
checking step from each work station 
are returned to at least one managing 
station. 
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I . . 

MANAGEMENT OF COMPUTER WORKSTATIONS 

The subject of this application is concerned with 
modern networks of computers . With the advent of reliable 
5 Local Area Networks (LANs) and good quality Wide Area 
Networks (WANs) it has been possible to interconnect low 
cost powerful personal computers and file / print server 
equipment. Such networks of computers have grown very 
quickly in recent years so that it is not uncommon to find 

10 networks ranging from thousands to tens of thousands of 
computer (nodes) all within the same commercial 
organisation. Companies usually develop such networks to 
cover a number of main sites which will be served by LANs 
and interconnected via WAN links. 

15 This structure is in marked contrast to the structure 

of data networks of 10 years ago where computer terminals 
were connected directly (or via concentrators) to one or a 
very few large mainframe computers. 

Not only does this change represent a major difference 

20 in technology , but it also gives rise to differences in 

operating principles. In the old mainframe case, all 

■ - • 

services were provided and controlled centrally from the 
company's IT and Operations departments; whereas now there 
is a strong tendency to decentralise and for individual 

25 departments become responsible for their own workstation 
PCs. In any event, no central control is implied or 
(usually) imposed on LANs and their connected systems. 

Management systems for controlling the network 
infrastructure of LAN/WAN networks are frequently to be 

3 0 found but to date, few (if any) of these address the 
problem of managing workstations and their servers (fig 1) . 
A major problem comes about firom the fact that each PC is 
independent of the others and thus may be configured 

•r 

differently and without reference to them. Each may contain 
35 different software suites as well as different hardware. 
However, since they are all using a common data 
infrastructure (the LAN/ WAN) these differences can give 
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rise to conflicts on data accesses. Furthermore, since no 
one authority is responsible for all the PCs, no-one can 
guarantee that software licence provisions are being 
strictly adhered to. 
5 The resolution of these problems implies being able to 

• _ « # 

define inventory classes (for groups of computers) and 
being able to monitor them on a continuous basis. Added to 
this is the problem of making changes and updates to such 
groups of computers as they are found to require it. The 
10 actual groupings specified will need to reflect the 
operational as well as organisational nature of each 
company concerned. In effect network administrators have to 
be able to define and redefine them as a company's needs 
change. 

15 According to the present invention , there is provided 

a method of managing a plurality of computer workstations 
interconnected by a network, the workstations including at 
least one policy group, the method including the steps of: 
receiving data relating to the policy group 
20 definition; 

generating a program representative of the policy 
group definition data; 

sending the generated program to each of the plurality 
of workstations; 
25 instructing the workstations to check, by employing 

the program, whether or not each respective workstation 
belongs or does not belong to the at least one policy 
group; and 

returning the results of the checking step form each 
30 work station to at least one managing station. 

This invention solves the above problems firstly by 
allowing the network administrator (i.e. the user of the 
network management system) to be able to define the 
membership conditions corresponding to each group which he 
35 wishes to create , anc^then to have them sent to all of the 
workstations on the network as a script or program data for 
execution within each agent locally. At this point, (the 
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agent residing in) each workstation will check periodically 
whether or not it fulfils any group membership and if so it 
will transmit a trap or event message to the network 
management station. This in turn on receiving these traps 
5 will update its database to reflect this. Thus, since the 
membership of each group is checked independently by each, 
workstation, the effect is one of producing an inventory in 
real time of network status. Policies can therefore be 
managed with an assurance of accurate and timely 

10 information. 

The novelty of the above approach is in respect of the 
fact that the decisions for group membership are taken by 
each workstation itself and independently of any others. In 
order to do this, it is necessary that the stations are 

15 capable of receiving and processing the definition 
information, be it in the form of a definition file or in 
the form of an ex ecutable script or program which is 
generated at the management station. This in turn implies 
the presence of some form of management agent in the 

20 workstations , and a communications sub- system which can 
send to and receive transmissions from the management 
system, which itself will update its database to record any 
changes. 

One example of the present invention will now be 
25 described with reference to the accompanying drawings, in 
which: 

Figure 1 shows a computer network; 

Figure 2 shows a network management system employing 
the invention; and 
30 Figure 3 is a flow diagram of an operation according 

to the invention. 

Figure 1 shows a standard node computer network 10 
which has plural interconnected user workstations 11. The 
workstations are managed from a main network management 
3 5 station 12. 

The problem cited above of managing the workstations 
11 , can be seen in this context as one of updating (reading 
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from or writing to) database entries and as a consequence 
from/ to the real workstation agents. When the numbers of 
workstations 11 start to become large (i.e. from many 
hundreds to tens of thousands) then, although powerful 
5 management systems 12 can access these volumes 
automatically, it becomes impossible for the human operator 
to search through such volumes and indicate which agents 
need to be contacted. 

The answer to this is to break down this mass of nodes 

10 into groups and to manage the groups as if they were 
individual workstations. That is, an update to a group of 
(for example) parameter 5 on a group will cause the 
management system 12 to send an update order to all nodes 
contained in that group, for an update to parameter 5. Such 

15 groups are often called policy groups since all members are 
subject to the same management rules or policies. 

The main difficulty then is in being able to define 
which groupings are significant and to define which of the 
(maybe thousands of) nodes should belong to which groups. 

20 The method of the invention can be employed on network 

management systems 12 of the type managing the network 10 
of figure 1. Such a system 12 is shown in figure 2 and 
generally consists of the following components: 
1. A graphical user interface 

25 2. A network Management control program (s) 

£3. A database (for registering network events and 

recording network component information) 
.4. A communications sub-system (for reading and updating 
network component status). 

30 Of particular importance is the management database 3 

£which contains a data record for each of the devices 11 
(nodes hubs routers etc.) which are to be found on the 
network 10. Typically a record will contain information 
such as the node's network address, its physical parameters 

35 and may also contain data related to its identification in 
the company's environment, ^uch as who is the responsible 
user and where it is located/I Database techniques are used 
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5 

to manage this information on larger scale management 
systems because of ,the extent of the information, . the 
numbers of nodes involved and the inter-relationships which 
may exist between co-operating network devices 11. 
5 Manageable devices 11 are those end stations which can 

be interrogated and updated from the management system 12. 
This interrogation and updating is performed by sending 
messages (from the communications sub-system 4) to control 
programs (known as agents) which reside and are always 
10 active locally in the end stations 11. These agents are 
very common in network devices (such as bridges and 
routers) but are only just becoming available for user 
workstations. 

The steps required for the implementation of the 

15 invention are shown in fig 3. The actions are initiated by 
a network administrator who will decide on the group 
membership conditions and configure his management station 
12 accordingly (step 1) . This is then compiled into scripts 
or programs (step 2) which are sent to all workstation 

20 agents on the network 10 (step 3) . Note that normally 
there will be many group definitions active at any one 
£ime. At each workstation 11/ on receiving a new group 
definition, the local agent will add it to his list of 
active group conditions and periodically will check the 

25 workstation 11 to see if any changes have taken place which 
affect the membership conditions (step 4). The rate at 
which this checking (polling) takes place is given by the 
script, since some conditions are more dynamic than others. 
A typical check on available disk space, for example, might 

30 be once every 15 seconds, whereas that for installed 
software need only be once every 10 minutes* Note that the 
agent will perform these checks independently of the 
workstation 11 being connected to the network 10, and will 
signal them as and when it is reconnected. This is 

35 particularly useful for portable PCs. 

Whenever a change is detected which affects the 
' membership of one or more defined groups, the agent causes 
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a trap message to be sent to 
signal this event (step 5). 
the database entries for 
(optionally) generate an 
5 administrator (step 6) . 



the management station 12 to 
This trap is used to update 
each group and may also 
alarm condition for the 
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CLAIMS 

1. A method of managing a plurality of computer 
workstations interconnected by a network , the workstations 
including at least one policy group, the method including 
5 the steps of: 

recoiving, -data.^ relating to the policy group 

defmxtxan; 

g enerating a program representative of the policy 
group definition data; 

10 sending the generated program to each of the plurality 

of workstations; 

instructing the workstations to check , by employing 
the program, whether or not each respective workstation 
belongs or does not belong to the at least one policy 
15 groups; and 

returning the results of the checking step from each 
work station to at least one managing station* 



2. A method according to claim 1, wherein the policy 
20 group definition data is received at a remote location. 



3, A method according to claim l or claim 2 f wherein the 

■v. 

generated program is generated at a remote location* 



25 4. A method according to any of claims 1 to 3, wherein 
the checking step is performed regardless of whether the 
workstation is connected to a network or not. 

5, A method according to any of the preceding claims, 

• -* 

30 wherein the generated program is altered in response to the 
returned results. 
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